Digging into Data Privacy on #DataPrivacyDay

Whether or not it’s marked on your calendar, January 29 is “Data Privacy Day”.

Ideally, it’s a day that we reflect on how our personally information is being used by business and government, and how this may impact our lives.

In exchange for brand new online services, we often give companies the ability to collect information on us. And meanwhile, governments are becoming sophisticated in their data collection practices, often reasoning that it helps them protect children and detect terrorist plots – which may, in fact, work. But there’s also an importance to having a reasonable expectation around privacy, and at least some control around what is made public knowledge.

1. New Details Emerge Around a Canadian Spy Agency’s Mass Online Surveillance

In the name of terrorism prevention, it was revealed Wednesday that Canada’s Communications Security Establishment collects metadata on millions of online downloads every day by people around the world as part of a project dubbed “Levitation”.

Levitation was detailed in presentation slides obtained by former NSA contractor Edward Snowden, and reported in cooperation by CBC News and The Intercept. The Five Eyes intelligence alliance, which includes Canada, the U.S., the U.K., Australia and New Zealand, means that CSE could exchange this metadata with foreign agencies. CSE is not, however, supposed to target Canadians and when untargeted Canadians are inadvertently swept up by mass surveillance, it must mask their identities before sending their information abroad.

Unsurprisingly, privacy is an enormous concern for children, who are at once very vulnerable online but also surprisingly capable of bypassing systems designed to keep them safe.

The most important legislation that any company that collects personally identifiable information on children under the age of 13 is the Children’s Online Privacy Protection Act passed in the U.S. in 1998, and even foreign companies are subject to it. It includes stipulations such as requiring companies provide parents the data collected on their child upon request, and ensuring that a child doesn’t have to give over more personal information to progress in a game or to access more content.

Given that there are unique legal considerations for digital content aimed at kids – as well as usability considerations – Montreal software developer Floop was showcasing its suite of services that help developers of kids iOS apps. For instance, iOS apps designed for children must have “parental gates” that ensure that children don’t access age-inappropriate content within the app or outside of it. Floop provides an SDK that makes it easy for developers to add parental gates, but also add kid-friendly video, ads, and links to other games all within the app. This ensures that children have a selection of content to view without being exposed to the wider (and scarier) internet.

By way of the Firefox Lightbeam plugin, Private Eye helps show what third-party sites are tracking your online activity in addition to the sites you actually meant to visit.

While the government’s involvement in data collection remains abstract and unclear, and businesses struggle to incorporate privacy into their apps, tools like the ones Mozilla builds help us understand the privacy implications of our own activity online, and ultimately help us make informed decisions.